Cloud Lab-61: vCloud Director Organizations- “Use Case – Load balance Web Servers in vCloud Director” (Part 1)

In this use case, I am using the vCloud Director web load balancing feature to show simple load balancing of two static web servers. vCloud Director uses the vCNS Firewall Service for load balancing. In my lab, I have configured two web server VMs on Red Hat OS, both using Apache as the web server. I created a simple static test page on both web server VMs for demonstration. Due to the length of this post, I have divided it into two parts. Let's see what we will cover in “Part 1”.

LAB-61 TASKS (Part 1)

In this lab, we will perform the following tasks:

  1. Load Balance Use Case Scenario
  2. Architecture diagram for Load balancing Use Case Scenario
  3. Information required for Web Server Configuration
  4. vCNS Web Server Terminologies
  5. Configure Web Server on Organization VSE (SkyNet-Prod-Edge2)

1-Load Balance Use Case Scenario

I have a vApp, vApp5, with a VM named “vApp5-Web1” acting as “Web Server 1” and a VM named “vApp5-Web2” acting as “Web Server 2”. These VMs are behind a routed organization network. I am going to use vCloud Director, which uses the vShield Edge Firewall load balancing feature, to load balance the web servers. The diagram below is the same one I used in my previous post.

2-Architecture diagram for Load balancing Use Case Scenario

cloudlab61-vCloudOrganization-LBUsecase-01

3-Information required for Web Server Configuration

1-External Client IP Information
2-vApp5-Web1 IPs Information (Both Internal and External)
3-vApp5-Web2 IPs Information (Both Internal and External)
4-External IP Address of VSE (Skynet-Prod-Edge2)
5-Sub Allocation Pool IP Range of VSE (SkyNet-Prod-Edge2)

NOTE: “SkyNet-Prod-Edge2” is the VSE firewall that is connected to the External Network, and my vApps are behind it, as you can see in the architecture diagram.

1-External Client IP Information

Here is my “Client/Mgmt PC” machine, which is connected to the “External Network” of vCloud Director. Its IP address is “10.0.150.150/24” as shown below, and my external network ID is 10.0.150.0/24.

cloudlab58-vCloudOrganization-DNATUsecase2

2-vApp5-Web1 IPs Information (Both Internal and External)

Our goal is to access the “vApp5-Web1” machine from the External Network. This VM is behind our vShield Edge Firewall. Note the vApp5-Web1 IP addresses.

In my case they are:

192.168.11.100 (Internal) & 192.168.33.4 (External)

cloudlab58-vCloudOrganization-DNATUsecase3

As you can see below, the firewall is enabled (by default) on our “vApp Network”.

cloudlab58-vCloudOrganization-DNATUsecase4

3-vApp5-Web2 IPs Information (Both Internal and External)

Our goal is to access the “vApp5-Web2” machine from the External Network. This VM is behind our vShield Edge Firewall. Note the vApp5-Web2 IP addresses.

In my case they are:

192.168.11.101 (Internal) & 192.168.33.3 (External)

cloudlab61-vCloudOrganization-LBUsecase-03

As you can see below, the firewall is enabled (by default) on our “vApp Network”.

cloudlab58-vCloudOrganization-DNATUsecase4

4-External IP Address of VSE (Skynet-Prod-Edge2)

My “vApp5” VMs are in the Organization VDC “SkyNet-Prod-OrgvDC”. It is connected to the network “SkyNet-Prod-Org-Routed2”, which is routed and sits behind the vShield Edge Firewall “Skynet-Prod-Edge2”.

cloudlab58-vCloudOrganization-DNATUsecase5

To get the vShield external IP address, right-click the VSE Firewall “SkyNet-Prod-Edge2” -> Choose “External IP Allocations”

cloudlab58-vCloudOrganization-DNATUsecase6

As you can see below, the VSE external IP address is “10.0.150.243” and it is connected to the vSphere Distributed Switch port group “External-Public2”.

cloudlab58-vCloudOrganization-DNATUsecase7

5-Sub Allocation Pool IP Range of SkyNet-Prod-Edge2

You will need to know your VSE “Sub Allocation Pool” IP range, because the VSE will use IP addresses from this pool for your NAT services.

You can find this by right-clicking the VSE Firewall “SkyNet-Prod-Edge2” -> Choose “Properties”

cloudlab58-vCloudOrganization-DNATUsecase8

As you can see, its Sub Allocation Pool IP range is “10.0.150.245 - 10.0.150.250”.

cloudlab58-vCloudOrganization-DNATUsecase9

Now that we have all the information, let's configure our web server.

4-vCNS Web Server Terminologies

The vCNS Edge Gateway uses the terms “Pool Servers” and “Virtual Server” to describe the load-balancing system. The “pool server” is the collection of VMs (web servers) in a vApp that you want to load-balance. The “virtual server” is the IP address that clients connect to; it is also called the virtual IP in load-balancing terms.

5-Configure Web Server on Organization VSE (SkyNet-Prod-Edge2)

1-Configure Pool Servers 

The first step is to configure Pool Servers for load balancing -> Go to your organization network or the VSE connected to that organization network. Right-click “SkyNet-Prod-Edge2” -> Choose “Edge Gateway Service”

cloudlab58-vCloudOrganization-DNATUsecase8

NOTE: The load-balancing tab doesn’t appear on a vApp Network enabled vApp.

In the “Load Balancer” tab -> Choose the “Pool Servers” button -> Click the “Add” button

cloudlab61-vCloudOrganization-LBUsecase-10

Enter a descriptive name for the pool. In my case it is “Web Server Pool” -> Click “Next”

cloudlab61-vCloudOrganization-LBUsecase-11

The Edge Gateway supports N types of load-balancing algorithm:

IP Hash (carries out a computation on the source/destination IP of each packet)

Round-Robin (cycles between servers within the pool, but it is possible to weight each virtual server in the pool. This sort of load-balancing is the “fairest” of them all, as it guarantees an equal distribution of sessions to all the members in the pool)

URI (uses a hash calculation based on the total number of servers in the pool; it makes sure that requests are directed to the same server so long as that server is available)

Least Connected (measures the number of open/active sessions to a virtual server in the pool and directs any new request to the least connected server)

Select your service and load balancer method, along with the port where your web server is listening. My web servers had a simple static test page served over HTTP on port 80.

In my case, I selected the default because I initially wanted a round robin web configuration, so I could confirm that both web servers in the pool would respond correctly.

Click the “Enable” check box and choose the “Round Robin” balancing method -> Click “Next”

cloudlab61-vCloudOrganization-LBUsecase-12

In common with many load-balancing technologies, there is a “Health Check” feature that confirms whether a member in the pool is actually listening and responding to connections.

Enter the monitor port number; in my case it is the same, 80. Leave all other settings as default. At the bottom of the page you will find “URI for http services” with the default value “/”. You only have to enter the index (main or first) page of your website. In my case it is “index.html” -> Click “Next”

NOTE: The default URI is the one that would be checked to confirm the status of the server.

cloudlab61-vCloudOrganization-LBUsecase-13

Now add the web-servers into the pool under “Manage Members” -> Click “Add”

cloudlab61-vCloudOrganization-LBUsecase-14

Enter the IP address of the first web server in the pool; in my case it is 192.168.33.3 (Web Server 2). Leave the ratio weight at its default of “1”. Leave the HTTP and monitor ports as 80 -> Click “OK”

cloudlab61-vCloudOrganization-LBUsecase-15

Enter the IP address of the second web server in the pool; in my case it is 192.168.33.4 (Web Server 1). Leave the ratio weight at its default of “1”. Leave the HTTP and monitor ports as 80 -> Click “OK”

cloudlab61-vCloudOrganization-LBUsecase-16

Verify your added Members of Web Server Pool.

cloudlab61-vCloudOrganization-LBUsecase-17

Note: It is possible to set the “Ratio Weight” to zero (0). This has the effect of excluding a member from the pool, which can be useful when doing upgrades, patch management and essential maintenance on a web server, for example. Of course, this member pool list can also be used to add additional web servers or to decommission a web server.
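The four balancing methods listed earlier, and the zero-weight behaviour in the note above, can be modelled in a few lines. This is an added Python sketch, not vCNS Edge code: the Member and Pool classes, the SHA-256 hash and the healthy flag are assumptions for illustration, and the member IPs are the two pool members from this lab.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Member:                 # hypothetical model of one pool member
    ip: str
    weight: int = 1           # "Ratio Weight"; 0 takes the member out of rotation
    healthy: bool = True      # outcome of the health check on the monitor port
    active: int = 0           # open sessions, used by least-connected

class Pool:
    def __init__(self, members):
        self.members = members
        self._turn = 0

    def eligible(self):
        # Only members with a non-zero weight that pass the health check get traffic.
        return [m for m in self.members if m.weight > 0 and m.healthy]

    def round_robin(self):
        # A member with weight w appears w times in the rotation.
        slots = [m for m in self.eligible() for _ in range(m.weight)]
        if not slots:
            return None
        choice = slots[self._turn % len(slots)]
        self._turn += 1
        return choice.ip

    def _by_hash(self, key):
        # SHA-256 is an assumption; a key keeps its member while the eligible set is unchanged.
        live = self.eligible()
        if not live:
            return None
        digest = hashlib.sha256(key.encode()).digest()
        return live[int.from_bytes(digest[:8], "big") % len(live)].ip

    def ip_hash(self, src, dst):
        return self._by_hash(f"{src}->{dst}")
    def uri_hash(self, uri):
        return self._by_hash(uri)

    def least_connected(self):
        live = self.eligible()
        if not live:
            return None
        choice = min(live, key=lambda m: m.active)
        choice.active += 1    # the new session now counts against this member
        return choice.ip

def lab_pool():
    return Pool([Member("192.168.33.3"), Member("192.168.33.4")])
```

Setting a member's weight to 0 or its healthy flag to False removes it from every method at once, which is why draining a server for maintenance needs no change to the virtual server.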

Review the configuration summary page -> Click “Finish”

cloudlab61-vCloudOrganization-LBUsecase-18

2-Configure Virtual Servers

The next step is to configure a “virtual server”. Before adding a virtual server, you should find a free IP address for it in your organization network.

My organization network IP range is the “172.168.33.x” range. You can check the “Network Specification” in the Edge Gateway’s properties, opened by right-clicking it.

TIP: You can see what IP addresses are currently in use in the Organization Network by right-clicking it and selecting the “IP Allocations” option.

To add a virtual server -> Go to your organization network firewall service -> In the “Load Balancer” tab -> Choose the “Virtual Server” button -> Click the “Add” button at the bottom

cloudlab61-vCloudOrganization-LBUsecase-19

Enter the virtual server name -> Choose your organization network in the “Applied on” option. In the IP address field, enter “192.168.33.6”, which we found free on our organization firewall. If you have more than one pool, select the desired pool from the pool option. In my case I have only one, so it was selected by default. Click the “Enable” option twice, once in the service section and once at the bottom, to make sure the virtual server is enabled -> Click “OK”

cloudlab61-vCloudOrganization-LBUsecase-20

Verify your added virtual Server -> Click “OK”

cloudlab61-vCloudOrganization-LBUsecase-21

Now everything is configured from the load balancer point of view. As my vApp web servers are behind the organization's routed VSE firewall, I have to do some extra NAT and firewall configuration in order to publish them on the internet. I will configure that in my next post.
